Finding systems using SMB1?

Hi Experts,

Is there a easy way to detect systems on my network using SMB1?  I see that it is installed on some of our servers, and we are also using SMB ISCsci storage for our Hyper V's, but I don't want to have to go to every server and see if it's enabled, I'd like to be able to view everything and see not only where it's enabled, but if it's being used.

I have Microsoft Message Analyzer but am stuck as of typing this.

Thank you in advance.

Karen
klsphotosAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

masnrockCommented:
You could set up a system with Wirrshark and monitor traffic. That way you can see what systems are actually sending SMB v1 traffic.
0
Dr. KlahnPrincipal Software EngineerCommented:
Is there a easy way to detect systems on my network using SMB1?

Push a GPO or registry patch to disable SMB1 on all servers, and then see which client machines fail.
0
JohnBusiness Consultant (Owner)Commented:
If you have anything below Windows 7 or Server 2008 AND IF all systems at or above Windows 7 or Server 2008, you can assume the old workstations and servers are at risk.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

klsphotosAuthor Commented:
Thank you everyone!  I thought about doing the GP disable, but am unable to do that.  We do have some older servers (2008) that we are migrating services off of, I am suspecting some of them are.  I'm still trying to figure out how to confirm it on our storage servers that are hosting the storage for our Hyper v hosts.

All workstations are windows 10.
0
JohnBusiness Consultant (Owner)Commented:
Thanks for the update.
0
Shaun VermaakTechnical SpecialistCommented:
Without any tools? Low tech Honeypot. Create an SMB1 share and force all clients to create a file there (with GPO or the like), perhaps %COMPUTERNAME%.txt. Any computer that can create a file, fails adit.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Storage

From novice to tech pro — start learning today.